Univention Bugzilla – Bug 51274
create_ou script should check length of ou-servers hostname-name
Last modified: 2021-02-10 09:27:27 CET
create_ou does not check the length of ou-name and server-name(s), while using. afterwards it may happens, that DCs cannot be joined due to names longer than 13 chars.
Where does the length limit of 13 chars for a hostname come from? There shouldn't be such a limit. (And if there was, it should be checked by UDM, not the create_ou script.) What's the error message?
Created attachment 10354 [details] join error when servername is too long
the error appears, when the new ucs system is setted up and shall be joined to the domain; see attached screenshot
Created attachment 10356 [details] screenshot UMC module "Schools" jFYI: the UMC module to create a new school restricts the length of the school server name to 12(!) characters. I just can't type more than 12 characters in that box (see attachment). No warning or explanation.
*** Bug 51289 has been marked as a duplicate of this bug. ***
Text from bug 51289: ---[cut]--- When creating a new school via the UMC, the name of the new school server is automatically checked. This name must not exceed 12 characters in the UMC. The CLI scripts create_ou and create_dc do not check the names of the school servers, which is why a customer has already completely incorrectly provisioned his domain and now had to correct this. → the scripts should throw an error if this is tried. In addition, there should be a parameter/UCR variable to disable this limitation if necessary. The reason for the length restriction is generally the Windows clients, which may otherwise shorten the host names and cause login problems. The UCS manual states that the maximum length should be 13 characters (I have currently no idea, why the UMC module is limited to 12 characters for the school name). ---[cut]---
OK, there is a limit for the hostname. But what about the name of the OU? The bugs title and OP asks for a limit for that too, but I cannot see a reason and the UMC module does not restrict the length. Please clarify.
To clarify: the length of the OU-name does not need to be checked. The bug name has been updated
We have decided to change the default DC names (generated when non are given by the user): educational DC: "dc{ou}" administrativ DC: "dcv{ou}" (v from Verwaltung) When the host names generated in this form are to long (>13 chars), an error should be shown to the user, telling him the problem and asking him to pass the desired host name(s) as parameters. This check should be done _before_ starting to create the OU, to prevent inconsistencies from an interrupted OU-creation process.
Default DC names are now set as suggested in comment 9 Applied changes in branch troehmey/bug51274_check_ou_name_length with commits: commit 3762ca886a6672e17e45dd733e112010a5885ec0 Bug #51274: applied naming convention dc{ou} in manual commit a44ee3d86c07df82619374a0f2273507599c42ab Bug #51274: applied naming convention "dc{ou}" to import hook commit 04973b45c956020daccfbbc6b385505b9f407062 Bug #51274: applied naming convention "dc{ou}" in ucs-test-ucsschool commit 7cc8acd614fbbb3ccae6a9d37d488ddc9e649a4b Bug #51274: removed another "-01" commit 68f1bd8704e1d81b26ab24c174269eec15cfcc6c Bug #51274: changed edu- and admin dc naming convention Affected packages: ucs-school-import ucs-school-lib ucs-test-ucsschool doc/manual Tested behavior by creating new schools via the following script in command-line: /usr/share/ucs-school-import/scripts/create_ou ...with different ou_name lengths given.
->REOPENED noticed error: script now always creates administrative dc
-> Resolved Forgot to annotate: The creation of unwanted administrative dcs was not caused by my changes.
* In create_ou(): move the constant (max_hostname_length) to the top of the module and make it upper case. * In create_ou(): use the value of the constant in the exception message. * In create_ou(): the line with the exception message is linger than 105 characters. As it's enclosed in brackets, you can simply make 2 strings from the error message, each on a separate line. * In create_ou(): the length validation does not happen when 'edu_name' is passed as parameter. This allows users to manually create to long hostnames. Move the code below the if-branch. * Please remove "-01" also from ucs-school-import/examples/import-printer-example.csv * Please modify ucs-school-import/usr/share/ucs-school-import/scripts/ucs-school-import line 1397 (only!) to remove "-01" from verify_group_share(), as the "import_group" executable is still in use. The create_ou() function of this module is not used anymore and can be ignored. * Please raise the length limit to 13 characters for both DC names. Change it also in the UMC modules fronend JS code. The limit of 12 characters was introduced in Bug #33387 with a reference to Bug #31427. It seems that at that time an administrative DC was always automatically created, using the educational DCs name with one character ("v") more. This is no longer the case, so we can raise the limit to 13 characters.
Issues from comment #13 resolved with commit 46d4dbe3d Bug #51274: ensure validation when eduname is passed; small fixes on branch troehmey/bug51274_check_ou_name_length
String replacements should follow strings, not be inside of them (also: they are tuples). Instead of: raise ValueError( "Automatically generated hostnames are too long (>%s characters)." % MAX_HOSTNAME_LENGTH, "Please pass the desired hostname(s) as parameters.", ) write: raise ValueError( "Automatically generated hostnames are too long (>%d characters)." "Please pass the desired hostname(s) as parameters." % (MAX_HOSTNAME_LENGTH,) ) better yet use str.format(): raise ValueError( "Automatically generated hostnames are too long (>{} characters)." "Please pass the desired hostname(s) as parameters.".format(MAX_HOSTNAME_LENGTH) ) -------- If I build the packages from this feature branch, it does not run in a currently UCS@school system. The code is 4 months old and not compatible anymore. Please rebase the branch on top of the current 4.4 branch.
Commits were squashed cherry picked to a new branch troehmey/bug51274_check_ou_name_length_v2 commit d69e397760f4ceb67a36b710af4c2fd5c1929c6d Bug #51274: changed edu- and admin dc naming convention Fix from comment #15 was applied
* Fails: /usr/share/ucs-school-import/scripts/create_ou xyz123xyzabcde xyz123xyz123e xyz123xyz123a -> Because "admin_name" is not used to check for length, evwn when supplied. * There is a space missing after the dot: »(>13 characters).Please« * In the UMC there is _no_ length limit now. I created an OU "abcdefghijklmnopqrstuvwxyz1".
The ucs-school-lib package cannot be build: ----------------------------------------------------------------- E:0008-3: python/de.po:25:1: contains "fuzzy" ----------------------------------------------------------------- The de.po file was not updated. ######## Please create a merge request. ######## OK: ".../scripts/create_ou xyz123xyzabcde xyz123xyz123e xyz123xyz123a" works as expected. OK: passed length of passed admin-dc-name is checked OK: message fixed OK: UMC checks DC name lengths, ignore comment above about this, the OU name is allowed to be longer than 13 chars. ######## The length of the admin-dc-name is checked, even if it is not created. The following command should be possible, as the edu-dc-name will be 13 chars and the admin-dc will not be automatically created, if not passed: .../scripts/create_ou xyz123xyzabcdef xyz123xyzabcx
Applied fixes suggested in comment #17 and comment #18 with: 1eca47adf Bug #51274: update de.po c3a692743 Bug #51274: check admin dc name only when specified 2a4fd71e1 Bug #51274: raised allowed DCName length to 13 c196347c5 Bug #51274: check admin name length when supplied Merge Request: https://git.knut.univention.de/univention/ucsschool/-/merge_requests/6
OK: code changes OK: manual tests I have squash all commits into 1 and merged it into '4.4': [4.4] 69743412f Bug #51274: edu and adm school server name length is 13 Please build the packages and write the advisories.
Packages have been build and advisories are commited: b897424a8 Bug #51274: added advisories 0a92a7dbf Bug #51274: added changelog entries 4761c9b82 Bug #51274: added changelog entry Successful builds: Package: ucs-school-import Version: 17.0.47A~4.4.0.202012150952 Branch: ucs_4.4-0 Scope: ucs-school-4.4 Package: ucs-school-lib Version: 12.2.6A~4.4.0.202012151005 Branch: ucs_4.4-0 Scope: ucs-school-4.4 Package: ucs-school-umc-wizards Version: 11.0.0-10A~4.4.0.202012151008 Branch: ucs_4.4-0 Scope: ucs-school-4.4
OK: builds OK: advisories (I did a small name fix in ucs-school-import.yaml) Reopen: ucs-test-ucsschool needs changelog and package build Reopen: the documentation must be build
Sorry I forgot that. Doc Build: https://jenkins.knut.univention.de:8181/job/UCSschool-4.4/job/Handbook/60/ ucs-test-ucsschool build: Package: ucs-test-ucsschool Version: 6.0.170A~4.4.0.202012151409 Branch: ucs_4.4-0 Scope: ucs-school-4.4 changelog: b1588c540 Bug #51274: changelog entry
OK: ucs-test-ucsschool changelog + build OK: doc build
Errata updates for UCS@school 4.4 v8 have been released. https://docs.software-univention.de/changelog-ucsschool-4.4v8-de.html If this error occurs again, please clone this bug.